[Freeipa-users] FreeIPA for Linux desktop deployment
nasir nasir
kollathodi at yahoo.com
Sun May 15 04:49:51 UTC 2011
Thanks again!
NO, it was not set. I added it manually now (automount: ldap) and now a different error pops up in /var/log/messages while restarting the autofs service:
May 15 06:32:04 hugayat automount[16256]: open_lookup:90: cannot open lookup module ldap (/usr/lib/autofs/lookup_ldap.so: undefined symbol: ERR_remove_state)
May 15 06:32:04 hugayat automount[16256]: lookup_nss_read_master: auto.master not found, replacing '.' with '_'
May 15 06:32:04 hugayat automount[16256]: open_lookup:90: cannot open lookup module ldap (/usr/lib/autofs/lookup_ldap.so: undefined symbol: ERR_remove_state)
May 15 06:32:04 hugayat automount[16256]: no mounts in table
Quick googling shows that it was part of a bug in an earlier version of autofs (5.0.3) but later fixed. Mine is autofs-5.0.5-29.el6.i686.
Also, the symbol ERR_remove_state is part of openssl, right? The following is the output of the ldd command on lookup_ldap.so:
ldd /usr/lib/autofs/lookup_ldap.so
linux-gate.so.1 => (0x00840000)
libldap-2.4.so.2 => /lib/libldap-2.4.so.2 (0x00926000)
liblber-2.4.so.2 => /lib/liblber-2.4.so.2 (0x00d00000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00258000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x002be000)
libxml2.so.2 => /usr/lib/libxml2.so.2 (0x002d7000)
libz.so.1 => /lib/libz.so.1 (0x00f7f000)
libm.so.6 => /lib/libm.so.6 (0x00e43000)
libkrb5.so.3 => /lib/libkrb5.so.3 (0x00110000)
libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00e74000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x001e5000)
libc.so.6 => /lib/libc.so.6 (0x00aa7000)
libssl3.so => /usr/lib/libssl3.so (0x004ab000)
libsmime3.so => /usr/lib/libsmime3.so (0x001e9000)
libnss3.so => /usr/lib/libnss3.so (0x004e1000)
libnssutil3.so => /usr/lib/libnssutil3.so (0x00212000)
libplds4.so => /lib/libplds4.so (0x0022c000)
libplc4.so => /lib/libplc4.so (0x00773000)
libnspr4.so => /lib/libnspr4.so (0x00271000)
libdl.so.2 => /lib/libdl.so.2 (0x00230000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00421000)
/lib/ld-linux.so.2 (0x008b1000)
libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x009a4000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00235000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00706000)
libfreebl3.so => /lib/libfreebl3.so (0x00451000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00238000)
Any idea?
Thanks and regards,
Nidal
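Added example, not part of the original thread: the syslog excerpt above arrived with several automount entries run together on one line, which makes the failure sequence hard to read. This small Python helper (my own code; the log text is a constructed copy of the entries quoted in this thread, and the function and finding names are my own) splits such an excerpt back into entries and maps each automount message to a finding, so the chain "lookup module failed to load, master map unreadable, no mounts" is visible at a glance. ERR_remove_state is an OpenSSL libcrypto function, and the ldd listing above shows lookup_ldap.so linked against the NSS libraries rather than libcrypto, which is why the "missing-symbol" finding carries the module path and symbol name for the person doing the comparison.

```python
import re

# Constructed sample: three entries run together on one line, exactly the shape
# the list archive shows, plus one entry from the earlier debug log in this thread.
SAMPLE_LOG = (
    "May 15 06:32:04 hugayat automount[16256]: open_lookup:90: cannot open lookup "
    "module ldap (/usr/lib/autofs/lookup_ldap.so: undefined symbol: ERR_remove_state)"
    "May 15 06:32:04 hugayat automount[16256]: lookup_nss_read_master: auto.master "
    "not found, replacing '.' with '_'"
    "May 15 06:32:04 hugayat automount[16256]: no mounts in table\n"
    "May 14 15:20:45 rhel automount[23932]: lookup(file): failed to read included "
    "master map auto.master"
)

# A syslog entry starts with "Mon DD HH:MM:SS "; split on that boundary without
# consuming it (zero-width lookahead), so run-together entries come apart cleanly.
_ENTRY_START = re.compile(
    r"(?=(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) {1,2}\d{1,2} \d\d:\d\d:\d\d )"
)
# "cannot open lookup module <name> (<path>: undefined symbol: <symbol>)"
_UNDEF = re.compile(
    r"cannot open lookup module (\w+) \((\S+): undefined symbol: (\w+)\)"
)


def split_entries(text):
    """Split a (possibly run-together) syslog excerpt into individual entries."""
    return [p.strip() for p in _ENTRY_START.split(text) if p.strip()]


def diagnose(entries):
    """Map each automount entry to a (finding, detail) tuple; unknown lines are skipped."""
    findings = []
    for entry in entries:
        # Drop "Mon DD HH:MM:SS host automount[pid]: " to get the message body.
        msg = entry.split("]: ", 1)[-1]
        m = _UNDEF.search(msg)
        if m:
            findings.append(("missing-symbol",
                             {"module": m.group(1), "path": m.group(2), "symbol": m.group(3)}))
        elif "auto.master" in msg and "not found" in msg:
            findings.append(("master-map-unreadable", msg))
        elif "failed to read included master map" in msg:
            findings.append(("include-failed", msg))
        elif msg == "no mounts in table":
            findings.append(("no-mounts", msg))
    return findings


if __name__ == "__main__":
    for kind, detail in diagnose(split_entries(SAMPLE_LOG)):
        print(kind, detail)
```

Run against a real /var/log/messages excerpt, the order of findings is the order in which autofs gave up: a lookup module that cannot be loaded means the master map source named in nsswitch is never consulted, so "no mounts in table" follows from the first line, not from the map contents.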
Is LDAP set for automount in /etc/nsswitch.conf?
On 05/14/2011 08:59 AM, nasir nasir wrote:
I configured one fresh IPA client machine (RHEL 6.1 beta) and tested automount again. It is still the same. Automount is not working. Also, in the debug mode of autofs, I can see some messages in /var/log/messages while restarting autofs services. Please see this:
May 14 15:20:45 rhel automount[23932]: Starting automounter version 5.0.5-29.el6, master map auto.master
May 14 15:20:45 rhel automount[23932]: using kernel protocol version 5.01
May 14 15:20:45 rhel automount[23932]: lookup_nss_read_master: reading master files auto.master
May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)
May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry /misc
May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry /net
May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry +auto.master
May 14 15:20:45 rhel automount[23932]: lookup_nss_read_master: reading master files auto.master
May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)
May 14 15:20:45 rhel automount[23932]: lookup(file): failed to read included master map auto.master
May 14 15:20:45 rhel automount[23932]: master_do_mount: mounting /misc
May 14 15:20:45 rhel automount[23932]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-misc
May 14 15:20:45 rhel automount[23932]: lookup_nss_read_map: reading map file /etc/auto.misc
May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)
May 14 15:20:45 rhel automount[23932]: mounted indirect on /misc with timeout 300, freq 75 seconds
May 14 15:20:45 rhel automount[23932]: st_ready: st_ready(): state = 0 path /misc
May 14 15:20:45 rhel automount[23932]: master_do_mount: mounting /net
May 14 15:20:45 rhel automount[23932]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-net
May 14 15:20:45 rhel automount[23932]: lookup_nss_read_map: reading map hosts (null)
May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)
May 14 15:20:45 rhel automount[23932]: mounted indirect on /net with timeout 300, freq 75 seconds
May 14 15:20:45 rhel automount[23932]: st_ready: st_ready(): state = 0 path /net
Is the line in bold a problem?
Thanks and regards,
Nidal
---
On Fri, 5/13/11, Adam Young <ayoung at redhat.com> wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Date: Friday, May 13, 2011, 1:28 PM
On 05/13/2011 01:54 PM, nasir nasir wrote:
Adam,
I am taking this off the list as it is going too offline, but I promise I will write up the correct solution and howto once I get everything up and running and post it in the mail for everyone's reference.
Here is what I have and what I want to achieve (with your help :-) ):
-- I have one IPA server (up and running) called openipa.cohort.org
-- I have one IPA client machine which I created with the ipa-client-install --mkhomedir switch, called nfsserver.cohort.org
-- The nfsserver.cohort.org machine is an NFS server (actually I had created the IPA server also with an NFS export, but then I stopped the NFS server on that to avoid confusion and instead configured nfsserver.cohort.org as the NFS server). In this server I have a partition called /xtra and a sub directory under that called home. So it looks like /xtra/home. Now I want every user in the IPA to be able to login from any machine in the network and their home directories created under the /xtra/home directory of nfsserver.cohort.org and automatically mounted in their client machine.
This is in 3 parts:
1) Centralized login using IPA server openipa.cohort.org (This part is working now)
2) NFS server configured on nfsserver.cohort.org with kerberos authentication (This is also working it seems, as I can mount using the sec=krb5 option from the client MANUALLY)
3) Automatically create & mount home folder for each user under /xtra/home/XXX when they login from the machine (This is NOT working as of now)
I think #3 is not working because the automountkey options given are wrong. So could you please tell me the exact commands with correct parameters in my case for automount? I know I am asking too much. But I am stuck on this point and this is getting delayed terribly already.
I have a suspicion that the problem stems from the /home automount. Short of it is that you probably want to force the creation of the user's homedir once you create the account, as opposed to letting them create it upon login.
Longer answer is that I suspect the issue is with this line:
/etc/auto.home:
* -rw,sec=krb5,soft,rsize=8192,wsize=8192 nfsserver.cohort.org:/xtra/home/&
I am guessing that what is happening is that NFS doesn't let you create a directory that you are going to automount. I'm not certain. Here is what I think is happening. 1st, upon user log in, the client machine's oddjob handler does stat /home/$USER and gets back ENOENT. It then does a mkdir /home/$USER but since this is a mount point, that operation is not allowed.
If you instead automounted /home, it would probably work, but then all users' home directories would be exposed, and I am guessing that you only want the currently logged in user's home directory automounted.
A simple test: change the automount map to just mount /home completely, and then create a new user. I'm guessing that will work. Basically
/etc/auto.home:
/home -rw,sec=krb5,soft,rsize=8192,wsize=8192 nfsserver.cohort.org:/xtra/home/
Thanks for all the help!
Regards,
Nidal
--- On Fri, 5/13/11, Adam Young <ayoung at redhat.com> wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Friday, May 13, 2011, 10:11 AM
On 05/13/2011 12:57 PM, nasir nasir wrote:
Adam/Nalin,
Two cases,
1) When I am testing this by manually mounting the nfs share (which is /xtra) on the NFS server itself using the following command,
#mount -vvvv -t nfs4 -o sec=krb5 nfsserver.cohort.org:/ /home
I get whatever problem I described in the previous mail (permission issues). Now this could be because here IPA is not managing the user/group permissions completely (Correct me if I am wrong in this assumption) and all the problems you described happen.
I think that, in order to have a complete set up, IPA needs to manage the user IDs for your NFS server. Otherwise, you will have to work at getting the userIDs in sync, and without that, you do not have a workable NFS solution, and thus no Automount.
2) When I DO NOT mount manually and instead I try to login as a new user on the nfsserver machine, it creates the home folder for this user on the /home partition of the nfsserver machine because automount is NOT working and hence there is no mounted partition to confuse things.
So to be able to test it properly, I need to fix the issue in automount and get case #2 tested and working properly with /home automatically mounted from the nfsserver.
This is my "ipa automountlocation-tofiles default" output,
/etc/auto.master:
/-      /etc/auto.direct
/share  /etc/auto.share
/home   /etc/auto.home
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.share:
---------------------------
/etc/auto.home:
*       -rw,sec=krb5,soft,rsize=8192,wsize=8192 nfsserver.cohort.org:/xtra/home/&
Is this OK? Please help.
If you don't do NFS, then you have no way to share the users' directories. If you don't do the ipa-client option to automatically create directories on first login, your users will get a new unique home directory on each machine they log in to, which probably isn't what you want. I'm a little confused by what you wrote above: why would you be mounting at all on the nfs server machine? The NFS server should be exporting the FS, and logging in to that machine as a new user should correctly create the home directory. Unless, of course, you are doing something like mounting the NFS volume on /mnt/nfsexport, and then nfs mounting that to /home on the same machine, but that would be inefficient. But since it looks like your nfs server is specified as nfsserver.cohort.org:/xtra/home/ I'm guessing that you just mistyped above, or I misparsed it.
The nfs server should not do automount. And I think this might be part of the problem: you need it to do the rest of identity management, but not automount. You can probably just chkconfig off autofs on the nfs server. I'm not sure if there is a cleaner solution.
Thanks and regards,
Nidal
---
On Fri, 5/13/11, Adam Young <ayoung at redhat.com> wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Friday, May 13, 2011, 9:29 AM
On 05/13/2011 12:13 PM, nasir nasir wrote:
Adam,
Thanks indeed!
I tried your suggestions.
-- I can mkdir
-- When I try to chown, I get the following error
chown: changing ownership of `nasir': Operation not permitted
Could you please explain to me what you mean by 'You probably need rwx permissions in /etc/export'? This is my /etc/export file,
see the '(rw' in those lines? That indicates read and write privs, but not execute.
I'm not an nfs guru, so I might be wrong. This post suggests that I am wrong: http://jackhammer.org/node/7
Since IPA is managing the IDs, they should be in sync across the NFS and automounted client machines, but there might be something not right in the setup. If the IPA server isn't managing the machine that serves as your NFS server, then the IDs are certainly going to be out of sync.
/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
Also, I have configured a separate client machine (RHEL 6.1) and configured it as NFS server (previously my NFS server was the IPA server itself) and the result is the same. All the above commands are from this client machine only.
Thanks indeed again!
Regards,
Nidal
oddjob-mkhomedir[16401]: error setting permissions on /home/abc: Operation not permitted
It might be a root squash issue. My guess is that the order of operations for creating a root directory, which is done by root, is:
1. mkdir /home/userid
2. chown uid:gid /home/userid
It sounds from the error message that the first stage happened, but NFS is not allowing the second stage. To confirm, as a root (and kinit admin) user on the client machine, just try these two steps in order and see if they still fail.
chown is a different system call from mkdir, and might have different nfs enforced permissions. You probably need rwx permissions in /etc/export.
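Added example, not part of the original thread: two small Python helpers (my own code) over constructed copies of the configuration quoted earlier in this thread, the /etc/exports lines for /xtra and the wildcard entry from the "ipa automountlocation-tofiles default" auto.home map. The first parses the exports file and flags the options that widen exposure beyond what a Kerberos-only NFS home directory server needs: a `*` client spec with no `sec=` restriction (the default security flavour is sys, so any host can mount with AUTH_SYS regardless of the gss/krb5 lines), `no_root_squash` (remote root keeps uid 0 on the export, which is also the setting the root-squash discussion above turns on), and `insecure`. The second expands the autofs `*` / `&` wildcard entry for a given user name, showing exactly which server path a login would try to mount. Function and finding names are my own assumptions.

```python
import re

# Constructed copies of the files quoted in this thread (not read from disk).
EXPORTS = """\
/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
"""
AUTO_HOME = "* -rw,sec=krb5,soft,rsize=8192,wsize=8192 nfsserver.cohort.org:/xtra/home/&"

# An exports client spec looks like "client(opt,opt,...)"; "(opts)" alone means "*".
_CLIENT = re.compile(r"^([^(]*)\(([^)]*)\)$")


def parse_exports(text):
    """Return [(path, client, set(options))] for every client spec in /etc/exports."""
    result = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = _CLIENT.match(spec)
            if m:
                client = m.group(1) or "*"
                opts = {o for o in m.group(2).split(",") if o}
            else:
                client, opts = spec, set()        # bare client name, default options
            result.append((path, client, opts))
    return result


def audit_exports(text):
    """Flag (path, client, finding) for each option that weakens the export."""
    findings = []
    for path, client, opts in parse_exports(text):
        has_sec = any(o.startswith("sec=") for o in opts)
        if client == "*":
            findings.append((path, client, "wildcard-client: any host may mount this export"))
            if not has_sec:
                findings.append((path, client,
                                 "sec-not-restricted: default flavour is sys, so Kerberos is not required"))
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash: remote root keeps uid 0 on the export"))
        if "insecure" in opts:
            findings.append((path, client, "insecure: requests from unprivileged source ports are accepted"))
    return findings


def expand_wildcard_entry(entry, key):
    """Expand an autofs sun-format '*' map entry for a lookup key; '&' becomes the key.

    Returns (mount_options, location), e.g. for key 'nasir' the location
    nfsserver.cohort.org:/xtra/home/nasir.
    """
    fields = entry.split()
    if not fields or fields[0] != "*":
        raise ValueError("not a wildcard map entry")
    options = [f for f in fields[1:-1] if f.startswith("-")]
    location = fields[-1].replace("&", key)
    return options, location


if __name__ == "__main__":
    for path, client, finding in audit_exports(EXPORTS):
        print(f"{path} {client}: {finding}")
    print(expand_wildcard_entry(AUTO_HOME, "nasir"))
```

The audit deliberately reports per client spec rather than per path: the `*` line and the three gss/krb5 lines export the same /xtra, and it is the `*` line, not the Kerberos ones, that decides whether an unauthenticated client can reach the home directories at all.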